>>> On 6/14/2007 at 11:02 AM, Jim Johnson <[EMAIL PROTECTED]> wrote: > I personally haven't needed to make this change, but per > "CheckPoint_R65_KnownLimitation_Supplement.pdf" page 48: > > "In certain cases, installing policy on a cluster member may cause its state > to change and a failover may subsequently occur. To prevent this situation, > modify the firewall global parameter fwha_freeze_state_machine_timeout. This > parameter sets the number of seconds during policy installation in which no > state changes (including the "false" failover) will occur. Set this > parameter to the shortest period which eliminates the issue; the recommended > value is 30 seconds."
Can't find that on these boxes. They are R60. Guess that came into existence since then. But thanks, that would be exactly what I'm looking for. >> -----Original Message----- >> From: Mailing list for discussion of Firewall-1 >> [mailto:[EMAIL PROTECTED] On Behalf >> Of Crist Clark >> Sent: Wednesday, June 13, 2007 5:16 PM >> To: [email protected] >> Subject: [FW-1] Cluster XL Coming Up Swapped >> >> We've got some Cluster XL setups consisting of a failover >> pair. One cluster member is preferred over the other. We >> want to be on this primary member unless there is some >> trouble with it. The ClusterXL docs call this "Primary Up" >> mode. >> >> The problem we are having is that sometimes when we push >> out a policy to the cluster, the secondary member comes >> up as the "active" member with the primary in "standby." >> They were in the correct configuration, the reverse, before >> the policy gets pushed. There are no indications of failures >> (a "member down" message) in the logs. Just each one report >> itself up, as always occurs at a policy install. >> >> Anyone else seeing this? Ideas on how to fix it? >> >> Which brings me to another question. There is the radio >> button to switch back to the preferred cluster member >> whenever it is available. I assume we'd automagically >> flip back to the primary when the above occurs if we >> turn that on, but we're hesitant. The concern is some >> failure mode where the live machine reports a problem, >> but becomes available when offline. You end up with the >> machines flip-flopping. Not good. The documentation I've >> found doesn't mention any features to dampen something >> like that. Anyone know if those safety belts are built >> in? Any good or bad experiences with the "Primary Up" >> mode? BĀ¼information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
